this post was submitted on 09 Aug 2024
592 points (98.8% liked)

Technology

34984 readers
238 users here now

This is the official technology community of Lemmy.ml for all news related to creation and use of technology, and to facilitate civil, meaningful discussion around it.


Ask in DM before posting product reviews or ads. All such posts otherwise are subject to removal.


Rules:

1: All Lemmy rules apply

2: Do not post low effort posts

3: NEVER post naziped*gore stuff

4: Always post article URLs or their archived version URLs as sources, NOT screenshots. Help the blind users.

5: personal rants of Big Tech CEOs like Elon Musk are unwelcome (does not include posts about their companies affecting wide range of people)

6: no advertisement posts unless verified as legitimate and non-exploitative/non-consumerist

7: crypto related posts, unless essential, are disallowed

founded 5 years ago
MODERATORS
 

“We’re aware of reports that access to Signal has been blocked in some countries,” Signal says. If you are affected by the blocks, the company recommends turning on its censorship circumvention feature. (NetBlocks reports that this feature lets Signal “remain usable” in Russia.)

you are viewing a single comment's thread
view the rest of the comments
[–] barryamelton@lemmy.ml 0 points 3 months ago (2 children)

That argument makes absolutely no sense. These server-side code does almost nothing. The only task it really has is passing around encrypted packets between clients.

So it knows about all metadata, plus registration with phone number, etc. got it.

The Signal protocol, which is used for client-side, local, on-device end-to-end encryption has always been fully open, and it can be used by any app/platform.

you conveniently leave out how you need to use the client built by Signal, with dependencies from Google Services and the like, and you can't use one built from the source they provide. Which at that point means they can introduce whatever they want in whichever version.

Decentralisation is the only safe way.

[–] Andromxda@lemmy.dbzer0.com 1 points 3 months ago* (last edited 3 months ago)

So it knows about all metadata

Metadata is encrypted on the client-side using Signal's sealed sender implementation. The client also removes as much metadata as possible. All of this is open-source and happens in the client application.

plus registration with phone number

Signal doesn't store phone numbers. It derives a user id from your phone number along with other parameters. It's in the open-source server code, you can check it out yourself.

you need to use the client built by Signal

No you don't. I myself use a fork of Signal called Molly.

with dependencies from Google Services and the like

Not true again. You don't need to use the official binary that includes Google libraries. These aren't required for the app to function. You can use Signal-FOSS or Molly-FOSS, and it works just fine.

and you can’t use one built from the source they provide

If this was true, forks like Signal-FOSS or Molly wouldn't exist.

Which at that point means they can introduce whatever they want in whichever version.

Stupid conclusion, because all of your previous points are false

Stop spreading false information, focus on the facts.

[–] fira959@lemmy.ml 0 points 3 months ago

You can use reproducible builds to verify that the provided clients are the result of the source code and you can also use alternative clients like Molly